SLA

Appendix 1

SPAM FILTER SERVICE DESCRIPTION

1.Service Description

1.1The EveryCloud system shall filter incoming email of the Customer for dangerous content (e.g. viruses) and undesired advertisement (e.g. spam) received to the Customer/Users email addresses. Emails to the Customer shall be redirected to the EveryCloud server by changing of the MX records for the Customer’s domain to be filtered.

2.If desired by the Customer, outgoing emails shall be filtered as well.

3.1Received email shall either be:

3.1.1blocked (refused), in the case that they have been recognized with a high probability as undesired during data connection build-up with the EveryCloud server;

3.1.2put under quarantine, in the case that they have been recognized as undesired after complete reception of the email to the EveryCloud server;

3.1.3delivered or provided for pickup, in the case that they have been recognized as desired email.

4.Emails under quarantine shall be saved for 3 months to enable review by Users of the Customer. If desired by Customer and the EveryCloud Control Panel is correctly configured, a User shall be informed about new emails under quarantine.

5.Users can access email under quarantine via the Internet. Reseller shall be able to interactively initiate sending of emails under quarantine to the Customer systems.

6.Long-term archiving shall be provided by the Vendor subject always to the Customer entering into an agreement in respect of archiving Services.

7.The Reseller shall be responsible for ensuring that the Customer’s firewall shall be configured to only receive emails delivered by the EveryCloud system.

8.The Vendor shall only be responsible for the support relating to the EveryCloud system. At no time shall the Vendor have any responsibility in respect of the Customer system.

9.The monthly average rate of spam recognition shall be at least 99.9%. Such recognition rate shall be calculated based on the number of all emails, which were targeted for the Customer's domains and reached the EveryCloud systems in the measured time period. The recognition rate shall only be applicable where the direct delivery of incoming emails via SMTP to the EveryCloud systems occurs by modification of the MX record of the Customer's domains to point email traffic to the EveryCloud system.

10.The yearly average rate of virus recognition shall be at least 99.99%. The virus recognition rate shall be calculated based on the number of all emails, which were targeted for the Customer's domains and reached the EveryCloud system in the measured time period.

11.The monthly average false-positive rate shall be below 0.0004 %. Such false positive rate shall be calculated based on the number of all emails, which were targeted for the Customer's domains and reached the EveryCloud system in the measured time period. The following shall not be included in the false positive percentage rate: emails which were sent via incorrectly configured servers (not RFC-conforming), via verified Open Relays or insufficiently configured mail clients.

12.The yearly average availability shall be 99.99%. Condition shall be the direct delivery of incoming emails via SMTP to the agent's systems ensured by modification of the MX record. Scheduled maintenance shall not be taken into account.

13.Where possible, all scheduled maintenance on the production environment within the EveryCloud system shall be performed during weekend nights.

14.The Reseller shall ensure that the Customer's systems can accept emails sent from the EveryCloud systems, and that the EveryCloud Control Panel has all the required information about the Customer's systems .

Whenever the Reseller/End User raises a problem, fault or request for service information via telephone or email with EveryCloud, the fault shall be allocated a priority level as set out below with a corresponding response time.

1. The EveryCloud Encryption service can only be purchased as an additional product when the Spam Filter Service is purchased. The Encryption service cannot work on a standalone basis.

2. EveryCloud encrypts and digitally signs Users’ outgoing e-mails and decrypts the recipients’ incoming e-mails using the EveryCloud systems according to set policies or Customer defined policies.

3. Outgoing mail is signed using S/MIME, if the required private key is available in the certificate store.

4. Policies on encrypting outgoing e-mails can be adjusted by Customers using the EveryCloud Control Panel.

5. Depending on how policies are set, outgoing e-mails are transferred:

a) S / MIME or PGP encrypted using the recipient's public key,

b) unencrypted, but using an encrypted channel (TLS),

c) unencrypted.

6. If the policy provides for mandatory encrypted transmission to a recipient, but the necessary public key of the recipient is unavailable in the certificate store, and TLS data transfer is not supported by the receiving mail server, outgoing e-mails to that recipient will be rejected and not transmitted.

7. Incoming S / MIME or PGP encrypted e-mails will be automatically decrypted if the required private key is available in the certificate store.

8. Public keys are automatically extracted from incoming e-mail signatures and deposited in the certificate store.

9. Private keys for Customers can be ordered via the EveryCloud Control Panel and then be automatically stored in the certificate store. Alternatively, existing private keys can be stored in the certificate store by EveryCloud support.

10. EveryCloud ensures support of Customers, provided always that the support requirement is related to EveryCloud systems. Neither EveryCloud nor Vendor will support the Reseller and Customer system.

Appendix 4

CONTINUITY SERVICE DESCRIPTION

1. In the event of a failure of a Customer’s e-mail server, EveryCloud provides a backup e-mail server in an EveryCloud data centre that will allow client to receive and send e-mails.

2.The EveryCloud Continuity service can only be purchased as an additional product when the Spam Filter Service is purchased. The Continuity service cannot work on a standalone basis.

3. EveryCloud archives Customers’ incoming and outgoing clean e-mails for a rolling period of 3 months on the EveryCloud IT systems provided always these emails have been routed through EveryCloud’s server.

4. Users can access stored e-mails from the EveryCloud Control Panel. Stored e-mails can be searched by specific criteria and content. Users can re-deliver stored e-mails to a Customer’s e-mail server.

5. The redirection of incoming e-mails to the backup server is automatic when there is no response from the Customer’s server.

6. During activation of the backup server, Users can access e-mails in the backup server via POP3, IMAP or Webmail interface.

7. E-mails in the backup server will be automatically sent to a Customer’s e-mail server as soon as a Customer’s e-mail server becomes available again, provided always that the e-mails have not previously been moved to other folders or deleted via POP3, IMAP or Web interface. E-mails will be deleted from the backup server after transmission to a Customer’s e-mail server.

Appendix 5

WEB FILTER SERVICE DESCRIPTION

1.Service Description

1.1The Vendor filters outgoing http or https and ftp requests of the Customer through its own web proxy servers. This will be implemented through an adjustment in the proxy settings of the browser of the Reseller‘s or the Customer’s internet access.

1.2Data connections will be scanned for virus, trojans, phishing attacks, hacked servers and certain categories provided that the EveryCloud Web Filter Service has been activated for the authenticated User.

1.3https data streams will be broken and analysed accord to the Customer’s policy settings.

1.4.Data streams will be searched for dangerous links through a quick detection scan.

1.5Forbidden file downloads according to the Customer‘s policy settings will be blocked.

1.6Blocking of certain web pages and content is based on the policy settings of the Customer or the Reseller determined through the EveryCloud Control Panel.

1.7Websites will be analysed and filtered based on certain categories. These categories are summarised for the User. It is possible to filter websites for individual Users and/or groups.

1.8The Web Filter Service blocks the accessing of unwanted and dangerous content.

1.9.The Web Filter Service of EveryCloud will automatically categorise websites that are not yet included in the database.

1.10The time for post-categorisation is two hours on average on the maximum. Websites that are mis-categorised can be assigned to the correct category upon request. The rate of mis-categorised websites compared to correctly categorised websites is 1:100,000 on the maximum.

1.11Uncategorised websites can optionally be blocked through an entry into a blacklist.

1.12The web filter works independently of the Reseller‘s or the Customer‘s network infrastructure and is redundantly designed to operate in the data centres of EveryCloud. It guarantees an availability of 99.9% on an annual average.

1.1399.9% of all accessed websites will be categorised in less than a second.

Appendix 6

ARCHIVING SERVICE DESCRIPTION

1. Service Description

1.1The EveryCloud system shall archive Customer emails which shall be retained for a maximum period of 30 years, or as otherwise determined by the Customer or Reseller within the EveryCloud system.

1.2Users shall be able to access archived emails over the Internet. It is possible to search archived emails according to certain criteria and contents in order to retrieve the specific emails. Users shall be able to interactively initiate re-sending of archived emails to the Customer's systems.

1.3Upon receipt of a written request to the Vendor, the Customer shall be granted special access in order to allow access to all archived emails for a certain time period (audit access, e.g. for a tax audit). This access shall be deleted after completion of the required purpose of the Customer.

1.4The following emails shall be archived:

1.4.1Emails which were sent by the Customer to third parties through the EveryCloud servers (outgoing external emails);

1.4.2Emails which were received by the client from third parties through the EveryCloud servers (incoming external emails);

1.4.3Emails which are provided by the Customer for pickup by in a special mail box within the EveryCloud server (internal email).

1.5Requirement for archiving of external emails according to clause a) and b) shall be the use of the agent's spam filter server according to separate agreement.

1.6The support of IT systems owned and operated by the Customer or Reseller shall not be the responsibility of the Vendor.

1.7The archiving volume shall be limited to 25 GB per User per Annum. The volume shall be averaged over all Users within each Customer. Data volume exceeding the included volume shall be separately billed at the rate of £4.70 GB pounds per GB.

1.8The Vendor shall warrant the availability of archived email of the Customer for a maximum duration of 30 years starting the end of the year the archived email was sent or received. The Vendor shall only make available such archived email whilst the Customer remains a live Customer using the EveryCloud Services. In the event of termination of this Agreement, the Customer shall be required to enter into a stand-alone agreement in respect of data storage maintenance to enable the Customer to have continuous availability of archived emails.

1.9The Customer and or Reseller shall have access to the archived emails 24 hours per day 365 days per year. In the event that there is a technical malfunction, scheduled maintenance, the Customer shall obtain access to the archived emails within 12 hours of making the request. Planned maintenance times shall be excluded.

1.10The archiving Service is compliant with current statutory conditions regarding electronic email archiving. The Vendor shall use its reasonable endeavours to ensure that the archiving Service remains compliant at all times, including in respect of amended statutory requirements.